Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\Wsuegm cmomcqgq] 'Start' = '00000002' (значение 2 — служба запускается автоматически при загрузке системы)
- [<HKLM>\System\CurrentControlSet\Services\Wsuegm cmomcqgq] 'ImagePath' = '%WINDIR%\Terms.EXE'
- 'Wsuegm cmomcqgq' %WINDIR%\Terms.EXE
- %WINDIR%\terms.exe
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\fa0a17bc17ff10008872a7205d0d43e2_5fe90e28a5c4f66460b6a36ecff82c5e
- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\9d161b3cd7c8b9d7b5c97e4395a9abd5_557dae88cafc73c1280cbc72a453bdbd
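- %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\9d161b3cd7c8b9d7b5c97e4395a9abd5_557dae88cafc73c1280cbc72a453bdbd
  (файлы в каталоге cryptneturlcache — кэш CryptoAPI Windows для загруженных сертификатов, списков отзыва и OCSP-ответов; они появляются как побочный результат проверки сертификатов и сами по себе являются слабым индикатором заражения)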
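- '23.##4.244.5':2014 (символы # здесь и в адресах ниже — по-видимому, маскировка части значения в отчёте; точное правило блокировки или поиска по таким значениям построить нельзя)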
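- 'us###.qzone.qq.com':80 (qzone.qq.com — домен легитимного сервиса Tencent; обращение к нему само по себе не является признаком заражения и должно оцениваться вместе с остальными индикаторами)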
- 'us###.qzone.qq.com':443
- 'oc##.dcocsp.cn':80
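- http://oc##.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEArIzKqFYmE3jrS4gQrE3QI%3D (судя по формату URL, это OCSP-запрос на проверку статуса сертификата; он согласуется с записями в cryptneturlcache выше)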
- http://us###.qzone.qq.com/fcg-bin/cgi_get_portrait.fcg?ui############
- 'us###.qzone.qq.com':443
- DNS ASK us###.qzone.qq.com
- DNS ASK oc##.dcocsp.cn
- '%WINDIR%\terms.exe'
- '%WINDIR%\terms.exe' Win7